What Is Malware?
Malware is malicious software found attached to emails, embedded in fraudulent links, hidden in ads, and anywhere else your employees go on the internet.
Basically, what this means is: Malware is everywhere.
According to Kaspersky, about one in five users were subjected to at least one malware-class web attack in 2019, while more than 273 million unique URLs were recognized as malicious by its antivirus software.
All malware can be used to steal data, passwords, financial information, or company trade secrets. Their differences are often in how they're designed or spread. To help you better understand the malware landscape, below are the eight most common types of malware IT teams must guard against.
1) Adware
Serves unwanted or malicious advertising. While relatively harmless, it can be irritating as spammy ads continually pop up while you work. In addition, the ads that are served may lead the user to download more harmful types of malware unintentionally.
2) Fileless malware
Doesn't directly impact files or the file system, unlike traditional malware, which uses executable files to infect devices. This type of malware uses non-file objects like Microsoft Office macros, PowerShell, WMI, and other system tools. Because there's no executable file, fileless malware is difficult for antivirus software to protect against. A notable example of a fileless malware attack was Operation Cobalt Kitty, in which OceanLotus Group infiltrated several corporations and conducted nearly six months of operations before being detected.
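Because there is no dropped executable to scan, defenders usually look at process behaviour instead. The following is an added example, not part of the original article, that triages process-creation events for Office or WMI launching PowerShell or WMI tooling; the event field names, the process-name sets and the sample events are assumptions constructed for illustration.

```python
# Added example: triage process-creation events for fileless-style chains.
# Field names and SAMPLE_EVENTS are constructed, not real telemetry.
import ntpath

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
WMI_PARENTS = {"wmiprvse.exe"}          # WMI provider host
POWERSHELL = {"powershell.exe", "pwsh.exe"}
SYSTEM_TOOLS = POWERSHELL | {"wmic.exe"}

def base(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()

def is_encoded_flag(arg):
    """True for -EncodedCommand or an abbreviation of it such as -enc."""
    return len(arg) >= 2 and "-encodedcommand".startswith(arg)

def classify(event):
    """Return the reasons an event looks like fileless activity."""
    parent, child = base(event["parent_image"]), base(event["image"])
    args = event["command_line"].lower().split()
    reasons = []
    if child in SYSTEM_TOOLS and parent in OFFICE_PARENTS:
        reasons.append("office-spawned-system-tool")
    if child in SYSTEM_TOOLS and parent in WMI_PARENTS:
        reasons.append("wmi-spawned-system-tool")
    if child in POWERSHELL and any(is_encoded_flag(a) for a in args):
        reasons.append("encoded-powershell-command")
    return reasons

def triage(events):
    """Map event id -> reasons for every event with at least one reason."""
    return {e["id"]: r for e in events if (r := classify(e))}

OFFICE = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [  # constructed sample data
    {"id": 1, "parent_image": r"C:\Windows\explorer.exe", "image": OFFICE,
     "command_line": r'WINWORD.EXE /n "C:\Users\a\invoice.docm"'},
    {"id": 2, "parent_image": OFFICE, "image": PS,
     "command_line": "powershell.exe -NoProfile -EncodedCommand <placeholder>"},
    {"id": 3, "parent_image": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": PS, "command_line": r"powershell.exe -File C:\Scripts\inv.ps1"},
    {"id": 4, "parent_image": r"C:\Windows\explorer.exe", "image": PS,
     "command_line": "powershell.exe Get-Process"},
]

if __name__ == "__main__":
    for event_id, reasons in triage(SAMPLE_EVENTS).items():
        print(event_id, ", ".join(reasons))
```

Hits from rules like these are leads for an analyst rather than verdicts, since administrators also launch PowerShell from WMI for legitimate automation.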
3) Viruses
Malware that infects another program and can spread to other systems, in addition to performing the malicious act itself. The virus is attached to a file and is executed once the file is launched.
4) Worms
Similar to a virus, a worm can spread itself to other devices or systems. However, a worm does not infect other programs.
5) Trojans
Malware that pretends to be a legitimate program, but is in fact malicious. A trojan can't spread by itself like a virus or worm, but instead must be executed by its victim. A trojan usually comes into your network through email or is pushed to users as a link on a website. Because trojans rely on social engineering to get users to download and spread them, they can be more difficult to combat.
6) Bots
A bot is a software program that performs an automated task without interaction. A computer with a bot infection can spread the bot to other devices, creating a botnet. This network of bot-compromised machines can then be controlled and used to launch massive attacks by hackers, often without the device owner being aware of its role in the attack. Bots are capable of massive attacks, such as the distributed denial of service (DDoS) attack in 2018 that brought down the internet for most of the Eastern U.S.
7) Ransomware
These attacks work by encrypting a device's data and holding it for ransom until the hacker is paid to release it. If the ransom isn't paid by a deadline, the hacker will threaten to delete the data or release it to the public. Paying up may not help. Often, victims lose their data even if they pay the fee.
Ransomware attacks are some of the most newsworthy malware types due to their impact on hospitals, telecommunications, railway networks, and governmental offices. A prime example is the WannaCry attack that locked up hundreds of thousands of devices across more than 150 countries.
8) Spyware
Cybercriminals use spyware to monitor the activities of users. By logging the keystrokes a user inputs throughout the day, the malware can provide access to user names, passwords, and personal data.
How To Protect Your Enterprise Against Malware
Malware exploits weaknesses in your hardware, your software, and your users. When defending against malware, IT needs to take a multi-pronged approach.
First, you must educate your users about safe technology practices. Many malware infestations are the result of social engineering attacks that get a user to actively click a link, download a file, or run a program. By teaching users to avoid clicking on suspicious links or downloading unexpected files, you can go a long way in reducing your exposure to risk.
You also need to leverage the capabilities of technology to constantly search for evidence of threats and compromises, and have processes in place to remove the malware and prevent hackers from getting back in again.
Because malware is a constantly shifting target, this can be difficult to manage for organizations that don't have dedicated malware expertise or resources.
Managed detection and response (MDR) services can help. MDR providers have technology for continuous monitoring and threat detection/response, along with a team of security engineers who work as an extension of your team around the clock. With threat detection and response capabilities that are part of a SOC-as-a-service offering, you can stay ahead of malware threats and respond more effectively to any malware before it causes widespread mayhem.